<?php

session_start();
include "inc/implement.php";
pristup("zamestnanec");

$cid = IntVal($_GET['cid']);
$M = IntVal($_GET['m']);
$Y = IntVal($_GET['y']);
if (($cid > 0) && ($M>0) && ($Y>0)) {
    $xml_s = "SELECT file FROM xmls WHERE cid = '" . $cid . "' AND month = '" . $M . "' AND year = '" . $Y . "'";
    $xml_q = MySQL_Query($xml_s);
    $xml_n = MySQL_Num_Rows($xml_q);
    if ($xml_n == 1) {
        $xml = MySQL_Fetch_Array($xml_q);
        Header('Content-Description: File Transfer');
        Header('Content-Type: application/octet-stream');
        Header('Content-Disposition: attachment; filename=' . $xml['file'] . '.xml');
        Header('Content-Transfer-Encoding: binary');
        Header('Expires: 0');
        Header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        Header('Pragma: public');
        Header('Content-Length: ' . filesize('xmls/' . $xml['file'] . '.xml'));
        ob_clean();
        flush();
        readfile('xmls/' . $xml['file'] . '.xml');
    } else {
        Header("Location: index.php");
        exit();
    }
} else {
    Header("Location: index.php");
    exit();
}
?>